Recently, due to wide use of cloud computing and diversification of businesses and communication devices such as smart phones, information accumulated by an on-premise system (by a computer system within an enterprise) has been accumulated and utilized by an external system, which does not belong to the enterprise or its organization.
The information may include customers' information and personal information. On the other hand, in a business operation, an operation in the cloud computing, or the like, in a case of a purpose of using information, by laws and guidelines, including the Act on the Protection of Personal Information (so-called “Personal Information Protection Act”), there is obligation to properly process the information so as not to identify a certain person.
Also, regarding the Law about the protection of the personal information and the Law to revise a part of the law about, the number use to distinguish the authorized individual in the administrative procedure (the 189th 2015 Diet under discussion) in Japan, the following contents have been under discussion. If the information is processed, to be in a state in which the person is not easily specified, that is, is anonymized, with an aim to further utilize information by an Information and Communication Technology, the information may be provided to a third party without permission of the person.
In a view of anonymizing and using data, a technology and the like have been known to receive various kinds of k-anonymized data from multiple data providing agents and to evaluate whether the received k-anonymized data are acceptable.